from the don't-let-them-get-away-with-it dept

We've been hearing regularly from the NSA's biggest defenders -- including former NSA boss Michael Hayden, current head of the House Intelligence Committee Rep. Mike Rogers and President Obama -- that despite all of the revelations about the NSA, there hasn't been any evidence of abuses. We've discussed over and over and over again why that's clearly untrue. Over at the Guardian, Trevor Timm has done an excellent job laying out in detail how President Obama and others are simply lying when they say there's been no evidence of abuses by the NSA. He details example after example of abuses that have come to light. Here's just one which shows not just abuses, but a pattern of regular abuse:

For years, as new data came into the NSA's database containing virtually every phone call record in the United States, analysts would search over 17,000 phone numbers in it every day. It turns out only about 1,800 of those numbers – 11% – met the legal requirement that the NSA have "reasonable articulable suspicion" that the number was involved in terrorism.

What were the other 89% of the numbers being searched for? We're not exactly sure. But we do know that five years after the metadata program was brought under a legal framework, the Fisa court concluded it had been "so frequently and systematically violated that it can fairly be said that this critical element of the overall … regime has never functioned effectively".

Part of the issue, of course, is that the NSA's defenders, including the President, seem to be trying to redefine the word "abuse" just as they've tried to redefine lots of other common English words concerning their surveillance efforts.

One reason might be that, like many other words, the NSA has a different definition of "abuse" than most people. After LOVEINT was brought up to Director of National Intelligence general counsel Robert Litt on a conference call with reporters, he replied:

I'm using abuse in a slightly more limited term. I'm not talking about the LOVEINT kind of thing, but people using surveillance for political purposes or to spy on Americans more generally or anything like that, as opposed to individual people screwing up.

Apparently to qualify as "abuse", the surveillance has to be on a massive scale, wilful, in bad faith, hidden from the Fisa court, and it has to be about political views. Spying on loved ones or unauthorized spying on criminal behavior does not count.

Even worse, as Timm points out (and as we've discussed in the past), the LOVEINT disclosures revealed that many of those very willful abuses were only "discovered" years later when they were self-reported, meaning that there's a very good chance that there are many more abuses that were never discovered or reported.

But, of course, there's an even larger issue. Abusing the programs (no matter how you define that) presupposes the programs themselves are legitimate. That's highly questionable.

With all that said, it's unclear why we're quibbling over whether or not the government truly abused the data it has. The programs themselves are an abuse. A primary reason the founding fathers declared independence from the British was in protest of "general warrants" – the idea that the police could seize everything in a given neighborhood, only to go through it afterwards and find the criminal.

The Fourth Amendment requires particularized, individual court orders, and as long as the NSA is collecting such a vast database on every innocent person in the United States, and then searching it at their own discretion, they are abusing our constitution.

As Timm says, we don't allow police to search our homes or listen to phone calls without individual warrants and then say it's okay so long as they "don't abuse" what they discover. We say that those searches themselves are an abuse and unconstitutional. The same should be true of the NSA's efforts. They're all an abuse. An abuse of the Constitution and basic rights.

The New York City Police Department is invoking a concept frequently employed by intelligence agencies like the FBI and CIA to deny a request for financial records on the unit that surveils Muslim communities.

Even to release a budget for the secretive Zone Assessment Unit, the NYPD claimed in a letter to HuffPost, would allow someone to "form a mosaic that depicts covert public safety activities that would be jeopardized."

Observers will note this is the same excuse given by the FBI to turn down perfectly legal FOIA requests from Ryan Shapiro, a former punk rocker turned animal rights activist. Shapiro utilized privacy waivers to make multiple requests for the same documents. Multiple versions of the same documents uncovered anomalies in the redactions, allowing Shapiro to access info that he wouldn't have received with a single request. The FBI's argument was basically that it sucked at consistent censoring, therefore Shapiro shouldn't be allowed to receive any documents as the result of FOIA requests.

As Matt Sledge at the Huffington Post points out, this "mosaic theory" has been deployed by administrations as far back as Reagan's in order to avoid complying with FOIA requests. But this is the first time a local law enforcement agency has used the theory to block access to public documents.

[Bob] Freeman, one of the state's leading authorities on FOIL law, said he has never seen a local law enforcement agency deny a records request on the basis of the mosaic theory. Nor has Jeffrey Light, a lawyer who litigates both federal FOIA lawsuits relating to intelligence agencies and Washington, D.C., police public records requests.

The NYPD also denied HuffPost's requests for information on policies relating to its cooperation with foreign governments under the International Liaison Program, which has placed NYPD officers in a dozen foreign countries to report on terror attacks. The NYPD stated that it had no records of such policies. The department also rejected requests for records on financial support from the New York City Police Foundation and federal agencies like the White House's High Intensity Drug Trafficking Area program. The Associated Press revealed last year that White House funds had been used to pay for Zone Assessment Unit vehicles and computers.

In addition to the mosaic theory, the NYPD also cited a slew of reasons why it couldn't release the records, ranging from the fear that they might reveal confidential sources and information, to ongoing litigation against NYPD spying, to a public records law exemption for intra-agency privilege. It did not cite which exemptions were being applied to which records requests.

The first issue here is the "mosaic theory" itself. The fear that dedicated requesters could piece together classified information by requesting multiple documents is an indictment of the system itself. Routine overclassification has made it impossible for those charged with vetting and releasing requested documents to do their job effectively. The bar for declaring something classified has been set so low that its use is almost entirely subjective. Instead of having verifiable standards that span each agency, every FOIA request is turned over to a variety of fiefdoms. Classified info leaks because there's no standard being applied. Everyone deploys the black marker differently, largely based on self-interest.

The other issue is the NYPD itself, which has been described as worse than the CIA, FBI and NSA when it comes to responding to FOIA requests. The department deploys every tactic possible to refuse requests and that's often following weeks of stonewalling. Just recently, the department went so far as to refuse public access to precinct police blotters, a staple of public information that it has shared without issue for decades. And this latest affront to open government and accountability is over budget documents of all things, and yet the PD claims it will expose methods and operational data.

Freedom of Information laws are specifically in place to thwart government agencies' natural tendency to obscure and obfuscate. The NYPD has never been much for sharing info with the public, dating all the way back to Giuliani's mayoral reign. Under Chief Kelly, the antagonistic attitude towards the public has only increased, along with the NYPD's secretiveness. Now, it's deploying the sort of anti-FOIA rhetoric normally reserved for federal investigative agencies and presidential administrations. New York City may be the largest city in the nation, but this is still a police department -- albeit one that insists on punching above its weight.

from the here-comes-balkanization dept

This is getting boring. Every time Techdirt writes about Russian Internet blocking, it's along the lines of: "just when we thought it couldn't get any worse, it does." Here's another one. As a post from TorrentFreak explains, Russia's telecoms regulator Roskomnadzor maintains a blacklist of sites that allegedly promote the usual bad stuff -- child pornography, criminal activities, suicide etc. In news that will surprise no one that understands how the Internet works, Roskomnadzor is finding it hard to enforce those blocks on material held on servers located outside Russia:

The problem, the watchdog says, is being caused by foreign hosts and service providers, mainly in the United States, who are refusing to disable access to a range of 'illegal' material when Russian authorities ask. The sites they host apparently "hop around" from location to location, but within the same provider, testing Roskomnadzor's patience.

Instead of realizing that it needs to re-think its approach, it has decided to double-down by blocking entire sites, rather than just material on them. Many of those are typical file-sharing or torrent sites, but according to TorrentFreak, Roskomnadzor won't stop there:

Stop-ddos.net, staminus.net and incapsula.com are all US-based content-agnostic services that provide websites with DDoS and other security-related protection. Even though they clearly do not provide any illegal content, they are being held responsible for the activities of their customers.

That is, the Russian agency is failing to distinguish between those offering possibly illegal content, and those that simply provide the plumbing. Worryingly, Roskomnadzor may well block some pretty important infrastructure companies:

And, as if it couldn't get any worse, rounding off the Russian list is CloudFlare, a US-based CDN [content delivery network] company that assists many hundreds of thousands of sites worldwide. Back in March, CloudFlare experienced technical difficulties which resulted in 750,000 sites being taken offline. If the Russians block CloudFlare, similar numbers of sites would be rendered locally inaccessible.

That would cut off millions of Russians from many worthwhile sites, while doing little to stop those who are determined to acquire materials illegally. That means this approach, too, will fail to achieve Roskomnadzor's unrealistic goals, and that the Russian agency will then move on to even more extreme measures. It can only be a matter of time before it decides to cut off all Internet sites located outside Russia -- purely to protect the children, you understand.

from the completely-preventable-misunderstanding,-but-no-one-wanted-to-prevent-it dept

As has been noted earlier here at Techdirt, the NHTSA (National Highway Traffic Safety Administration) has been collaborating with law enforcement agencies around the nation to collect blood and saliva samples from drivers. This collection is part of a NHTSA "survey" which is looking to determine how often drivers drive while possibly impaired by drugs or alcohol. Providing the NHTSA with either of these fluids is completely optional (citizens are rewarded monetarily for their contribution), but the use of uniformed officers (supposedly solely for crowd control and security of the payment funds) and patrol cars has given many drivers the impression that these stops (and collections) are actually mandatory -- or at the very least, highly recommended.

The Fort Worth, TX police department found itself on the receiving end of a considerable amount of criticism for its participation in the blood/saliva collections. The PD first attempted to deflect the criticism by offering standard excuses. When that failed to work, the police chief offered a very contrite apology for participating in the survey and "jeopardizing the public trust."

This backlash hasn't slowed the NHTSA which has taken its blood and saliva survey to Reading, Pennsylvania. While the outrage wasn't nearly as pronounced as it was in Ft. Worth, it was still notable. However, Police Chief William Heim hasn't seemed too concerned by citizen complaints. He called the whole thing "innocuous" and made this laughable assertion:

"People are not pressured by police presence to do something they don't want to."

Au contraire, Chief Heim. Police presence is often all it takes to make voluntary experiences seem mandatory. Ricardo Nieves, one of those flagged down by Reading police officers, felt the experience was anything but voluntary, and that attempting to leave would have been greeted by a possible arrest.

The Reading city council and the mayor himself also expressed concern about the use of police officers to acquire "voluntary" blood and saliva samples. For his part, Chief Heim appears to be ready to just ride out this outrage without offering any concession towards the offended public.

But if that's what Heim had planned, Nieves just threw a legal wrench into the works. Nieves has sued the city of Reading, Chief Heim, Mayor Vaughn Spencer, two unnamed employees of the private contractor (Pacific Institute for Research & Evaluation [PIRE]) performing the fluid collections, as well as PIRE itself.

Nieves claims his Fourth Amendment rights were violated by the supposedly voluntary collection, which felt much more mandatory thanks to the police presence. Here's his description of the incident.

On Friday, December 13, 2013, plaintiff was traveling on the Bingham Street Bridge into the City of Reading, Pennsylvania, a public roadway. A cruiser owned and operated by the City of Reading Police Department was parked by the side of the street with its lights flashing where plaintiff was. Bright orange security cones lined the lane where plaintiff was driving. Plaintiff was in the right hand lane and the lane to plaintiff’s left was full of traffic such that he could not pull over to change lanes.

Defendant Doe stepped out into plaintiff’s lane of traffic, blocked his further advance, and flagged him to pull off the public road into a parking lot on Laurel Street. Having no ability to advance further on the road, and with no ability to move into the left-hand lane because of traffic, plaintiff drove into the parking lot. In the parking lot were five to seven improvised parking spaces outlined on three sides with orange security cones. Nieves pulled into one of these security cones.

Nieves reasonably believed under the totality of the circumstances that he was being stopped by the Reading Police Department because of the flashing lights of the police car on the street, the fluorescent orange cones on the street and in the parking lot, and the presence of a police car in the parking lot that was occupied by a police officer.

Jane Doe, a woman with a clipboard came up to plaintiff’s car and began to speak to him.

Jane Doe spoke quickly and said several things, including that plaintiff was not being cited, that plaintiff had done nothing wrong and that plaintiff was not being “pulled over.”

The last statement was clearly false, because plaintiff had only pulled over after John Doe had stepped into the middle of plaintiff’s lane of traffic on the public street and flagged plaintiff into the parking lot, all while lights were flashing on the police car parked at the location.

Defendant Doe stated that the purpose of the stop was a survey of drivers’ behavior and that she wanted to take a cheek swab to check for the presence of prescription drugs. She also stated that plaintiff would be paid if plaintiff agreed to the same.

Plaintiff refused to provide the cheek swab she requested.

Jane Doe then tried a second time to convince plaintiff into providing a cheek swab. Plaintiff again refused to provide a swab.

A third time Jane Doe again tried to coerce plaintiff into giving a cheek swab. At this point plaintiff stated to her very firmly, “No. Thank. You.”

Jane Doe then tried to hand plaintiff a pamphlet, which plaintiff did not accept. Jane Doe then walked away from plaintiff’s car. Plaintiff then tried to exit the parking lot but found no means of egress. Other cars had by then also apparently been pulled off the road.

Finally, a Reading police officer waved Nieves towards where he had been originally flagged down and indicated he should re-enter traffic there.

As he points out in the filing, at no time did Nieves feel he could leave without being subjected to arrest and prosecution. Such is the power of law enforcement officers and their vehicles, even if they are supposedly off-duty and serving only as "security."

The use of police to conduct this NHTSA survey has fundamentally altered the equation of a car stop, and the cops have done this to themselves. Aside from the absurd Georgia decision, there was never a suggestion that a driver had authority to ignore the “command” to pull over from a cop with lights blazing. That can no longer be said as a matter of law now that the police have squandered their authority to assist in a “voluntary survey.”

Flashing lights look no different when it’s a lawful sobriety checkpoint than when it’s a voluntary survey conducted by private contractors for a government agency. While the former requires compliance, the latter is of no consequence whatsoever. To borrow from Prouse’s rationale, just as there is no law preventing police from chatting you up like anyone else on the street, there is no law requiring you to chat ‘em back. Not in the mood to chat? Keep walking.

Not in the mood to take a survey? Keep driving. Forget those flashing lights. This is the message that comes of the extension of authority without any lawful basis or judicial approval.

Of course, this is hardly a victory for citizens. Greenfield notes that bypassing a set of flashing lights that could be taken either way (voluntary/mandatory) may just net citizens brand new sets of bullet holes.

Chief Heim claims it's all voluntary and not a big deal, but anyone arriving at these not-mandatory checkpoints won't know that until he or she has repeatedly refused to surrender blood or saliva. This whole situation could have been avoided by either a) not allowing law enforcement officers to participate (off-duty or not) or b) posting signage well in advance of the stop that participation was completely voluntary and indicating clearly where those wishing to bypass the stop could route themselves. Instead, these agencies lent their reputations and implied "color of law" to private contractors fronting for a regulatory agency and now, everyone involved -- cops and citizens -- is worse off for it.

It is the administration's view, consistent with the recent holdings of the United States District Courts for the Southern District of New York and Southern District of California, as well as the findings of 15 judges of the Foreign Intelligence Surveillance Court on 36 separate occasions over the past seven years, that the telephony metadata collection program is lawful. The Department of Justice has filed an appeal of the lone contrary decision issued by the United States District Court for the District of Columbia.

The announcement also pays lip service to the White House task force's findings that the program required significant changes, claiming that the intelligence community is "open to modifications to this program." Yeah, right. We'll see just how open they are when the changes are actually proposed.

Nevertheless, the Intelligence Community continues to be open to modifications to this program that would provide additional privacy and civil liberty protections while still maintaining its operational benefits.

Um, what operational benefits? The task force, multiple Senators, a federal judge and a variety of others have also noted that there are no benefits to the program. None have been shown.

Either way this is just more fluff from the intelligence community. They'll throw some bones to people, pretending to agree to meaningless modifications while fighting hard against any real change to the program. And pay attention, because you can bet that within any change they'll sneak in some other change that undermines it all anyway.

from the but-will-he-believe-the-answer? dept

As it appears that there's increasing momentum within Congress to rein in the NSA and its egregious surveillance activity, Senator Bernie Sanders has stepped in with a simple question for the NSA: is the NSA spying on Congress?

I am writing today to ask you one very simple question. Has the NSA spied, or is the NSA currently spying, on members of Congress or other American elected officials? "Spying" would include gathering metadata on calls made from official or personal phones, content from websites visited or emails sent, or collecting any other data from a third party not made available to the general public in the regular course of business.

While many will focus on the basic question of "is the NSA spying on Congress," what's much more important here is the definition that Sanders supplies of "spying." Because we already know the answer is yes. We know that the NSA is gathering metadata on pretty much every phone call that is on a major mobile phone network, meaning that, yes, the NSA is collecting metadata on the phone calls of elected officials.

Knowing the NSA's general history, if it responds at all, it will answer a different question. It will not address the gathering of metadata at all, but rather note that it does not "target" members of Congress. And, of course, even if the NSA claimed it wasn't spying on Congress (which, under Sanders' definition is clearly a lie) why would anyone believe them? President Obama has already made it quite clear that he's fine with senior intelligence community officials lying to Congress.

from the he-and-Peter-King-should-recuse-themselves-from-the-'debate' dept

We've already seen one reaction to the New York Times' call for clemency for whistleblower Ed Snowden. That one came courtesy of the terminally-perturbed Rep. Peter King, a man who cares so much for this country that he believes Snowden should be imprisoned for "appeasing terrorists." Calling Snowden a traitor only gains you so much political traction these days, but King's in no hurry to give up his antagonistic calls for Snowden's head, even when his assertions of "terrorist appeasement" clash with his own background as a terrorist appeaser.

Another talking head who can't seem to find a single good word to say about Snowden's leaks is former NSA boss Michael Hayden. His unwavering defense of the NSA would perhaps be admirable if it didn't suggest that his position at the Chertoff Group is dependent on an absurdly healthy surveillance state and a never ending "War on Terror."

[If you're not already familiar with the Chertoff Group, this blurb from its "About" page will give you an indication of how Hayden's defense of all things NSA is intertwined with his "private sector" income:

As Secretary of the U.S. Department of Homeland Security, Michael Chertoff worked closely with America’s most experienced intelligence experts and security professionals. Now a select group of them have joined him to form The Chertoff Group.

The Chertoff Group provides business and government leaders with the same kind of high-level, strategic thinking and diligent execution that have kept the American homeland and its people safe since 9/11.

Michael Hayden is just one of the former government officials employed by the Chertoff Group. Many other members are just as connected to government security and intelligence agencies. VP and co-founder Chad Sweet served as Chief of Staff in the DHS. Principal Jayson Ahern? 33 years in the US Customs and Border Protection, a division of the DHS. Richard Falkenrath? Adjunct Senior Fellow for Counterterrorism and Homeland Security at the Council on Foreign Relations. Jay Cohen? Chief of Naval Research. Michael Weatherford? Served as the Deputy Under Secretary for Cybersecurity with the DHS. Larry Castro? NSA Security Service Representative to the DHS.

The list goes on and on.]

So, this is why Hayden's statements on Snowden and the leaked documents resemble those of someone still employed by the NSA. That's because, for all intents and purposes, he pretty much is. His current employer's future prosperity cannot be disentangled from the NSA and other, equally-overreaching branches of the government.

[M]ichael Hayden, who served as NSA director and CIA director under the last administration, called the suggestion of clemency for Snowden “outrageous.” He predicted any efforts to grant Snowden clemency would be met with significant resistance from U.S. intelligence officials. He pointed to the campaign on behalf of Jonathan Pollard, an Israeli spy who stole secrets for the Jewish state in the early 1980s when he worked as an analyst for the U.S. Navy. “There is a lot of push to give clemency for Jonathan Pollard, who did far less damage than Snowden and the U.S. intelligence community has been adamant against clemency for Pollard,” Hayden said. He added that giving clemency to Snowden would send the message to future leakers: “If you are going to do this, make sure you steal enough secrets to bargain for clemency.”

The suggestion isn't that "outrageous." Snowden's leaks have prompted some normally-complacent politicians to reexamine the NSA. Several pieces of legislation have been introduced in response and the support for these crosses party lines. These excesses, which trace back even before the 9/11 attacks (but increased exponentially shortly thereafter) are finally in "danger" of being reined in. The NSA, and Michael Hayden, have always defended the agency's actions by pointing at the "rigorous oversight" of the House and Senate. The agency's defenders resent the fact that its previously (deliberately) underinformed "oversight" is now privy to the ugly reality of the NSA's programs and is attempting to (finally) curb its power.

Hayden points to Pollard's situation as being comparable when it really isn't. Pollard sold secrets to another country. Snowden gave his documents to the public. Most people can distinguish a spy from a whistleblower. Hayden, apparently, is not one of them. He follows this up by claiming granting Snowden clemency would just encourage whistleblowers to grab massive amounts of documents as bargaining chips. That claim is similarly weak.

First and foremost, this administration has sent a clear message to whistleblowers over the last five years: keep your head down and shut up. The Obama administration has prosecuted more whistleblowers than all other administrations combined. Anyone hoping to blow the whistle under this administration might as well grab all the documents they can because they're going to end up being prosecuted anyway, no matter what "safeguards" are built into the system. The system sets up whistleblowers to fail. Taking the "proper" path just gets you rerouted, stonewalled and finally, flushed from the system.

Hayden believes we can't show Snowden any sort of mercy without encouraging others to follow in his footsteps. He may think this hardline is a necessity to ensure the nation's security, but what it really says is that those defending this agency (and others operating in the same sphere) know there's a whole lot of deep, dark secrets they'd rather not share with the American public. This is a problem with the NSA, not a problem with Snowden or the agency's many detractors. If the agency (through mouthpieces like Gen. Keith "I can't think of another way to do this" Alexander) can't find a way to protect the nation without carving huge holes out of the public's civil liberties, it's only for a lack of trying. It's never had to find another way because it was given free rein to accomplish its goals by uninformed oversight, broad executive orders and a compliant court system.

Granting Snowden clemency would be a step in the direction of contrition -- a small admission of the government's betrayal of its constituents. If the legislators working to rein in the agency truly want to change the system, they need to persuade the executive branch to drop its plans to shoot the messenger. The problems are of the NSA's own making. Punishing the man who finally said, "this is enough" will just allow the "business as usual brigade" to increase the speed at which the surveillance state status quo is restored.

from the dear-youtube dept

YouTube's ContentID is receiving an awful lot of well-deserved criticism lately, and the company -- true to unfortunate form -- still doesn't seem to realize that it should (a) fix its broken program and (b) actually respond to the criticism. YouTube seems to think that the issue will blow over, but every time there's another bogus takedown/copyright claim, things seem to get worse. The fact that it's allowing major labels to claim the revenue of independent artists is a huge problem that needs to be addressed.

In the meantime, many of the people who have built careers off of YouTube are now speaking out against ContentID as well. Dan Bull, who we've written about many times before, has put up his latest video, entitled, simply, FUCK CONTENT ID, and it calls out the company for taking money from independent creators and handing it over to whoever claims the copyright with no legitimate basis (amusingly, Dan also mocks YouTube's "copyright free audio library" which he uses as the base of his song).

There are elements of ContentID that are certainly useful, but since the program has been introduced, it's been plagued with serious problems, providing way too much power to those who make bogus claims. It feels, unfortunately, like YouTube has gotten increasingly complacent on this issue because it has (by far) the majority market share on amateur videos. But things change, and if it continues to make it difficult for content creators, they're going to go elsewhere. And, yes, YouTube is getting hit from both sides on this issue, as it's still fighting its lawsuit with Viacom that claimed that the company didn't do enough to stop infringement. But now the problem seems to be that it defers so easily to claims of infringement that people creating their own content are having it "monetized" by big companies based on nothing. That's not the right solution at all.

from the i-guess-they-would-know... dept

Nearly a year ago, well before all the Snowden leaks, we had a discussion about how, for all the talk from Keith Alexander about how the US was facing "unprecedented cyberattacks" that might bring about a "cyber Pearl Harbor," in reality, it appeared that the real global threat to computer systems was... the US government itself, via Keith Alexander's "US Cyber Command," which had, by far, the most sophisticated and advanced digital attack unit and wasn't afraid to use it. In fact, the US government seems to think it has incredibly broad powers to attack digitally. Of course, the nature of those attacks has become a lot more clear lately. And, as a part of that, one thing that's becoming clear: every time you hear a scary story about a kind of attack that some foreigners might do, you can pretty much guarantee: the NSA has already done it.

You may recall that, late in 2012, the House Intelligence Committee, led by dishonest NSA defender Rep. Mike Rogers, put out a report claiming that Americans should not use networking equipment made by Huawei, the Chinese networking giant, hinting that the company might be inserting backdoors and spyware into the equipment for the Chinese government. Huawei -- which had actually previously publicly asked the US government to investigate it to prove that such claims were false -- was not at all pleased about this, claiming that the whole thing was libelous and "utterly lacking in substance." A month ago, Huawei suggested that it was going to just ditch the US market because of all of this.

And yet... the recent NSA revelations about its technical capabilities to backdoor various hardware products showed that it's actually the NSA which has backdoors in Huawei's equipment. That doesn't foreclose the possibility that the Chinese have hacked it as well, but it sure looks ridiculous. As the Wired article linked above summarizes: "US to China: We hacked your internet gear we told you not to hack." This certainly plays into the hands of the Chinese, who have long argued that the attack on Huawei by Mike Rogers and friends was really just an attempt to pump up US-based competitors like Cisco (whose products the NSA has also apparently compromised).

And then there's the whole "BIOS" attack thing. You may recall that the big "scoop" in the hilariously lopsided 60 Minutes infomercial for the NSA by John Miller (a counterterrorism official pretending to be a journalist), was that there was some scary foreign threat out there from another country that was going to "infect the BIOS" of every computer on earth and turn them all into bricks. Experts pointed out that the claims were pure gibberish.

Except in that same report about the NSA's technical capabilities came the news that it's the NSA that is installing malware in the BIOS. As Marcy Wheeler notes:

Most fearmongering claims the NSA makes may well be projection about its own activities.

None of this means that others (and the finger is usually pointed at the Chinese) aren't doing the same sorts of things themselves. But it sure does seem pretty hypocritical to go around fearmongering about the things that we, ourselves, are doing.

from the uncommon-common-sense dept

Around 1:00 AM on April 16, at least one individual (possibly two) entered two different manholes at the PG&E Metcalf power substation, southeast of San Jose, and cut fiber cables in the area around the substation. That knocked out some local 911 services, landline service to the substation, and cell phone service in the area, a senior U.S. intelligence official told Foreign Policy. The intruder(s) then fired more than 100 rounds from what two officials described as a high-powered rifle at several transformers in the facility. Ten transformers were damaged in one area of the facility, and three transformer banks -- or groups of transformers -- were hit in another, according to a PG&E spokesman.

Oil then leaked from the transformers, causing them to overheat and shut down. However, there were no major power outages, and no long-term damage. The Foreign Policy post gives a good summary of what we do and don't know, and is well worth reading in full. As Schneier comments:

The article worries that this might be a dry-run to some cyberwar-like attack, but that doesn't make sense. But it's just too complicated and weird to be a prank.

Anyone have any ideas?

Feel free to theorize in the comments about what happened last April. Absent further information, I'd like to focus here on the following perceptive analysis from the article:

At the very least, the attack points to an arguably overlooked physical threat to power facilities at a time when much of the U.S. intelligence community, Congress, and the electrical power industry is focused on the risk of cyber attacks. There has never been a confirmed power outage caused by a cyber attack in the United States. But the Obama administration has sought to promulgate cyber security standards that power facilities could use to minimize the risk of one.

This fixation on "cybersecurity" is something that Techdirt has been pointing out for a while. It seems largely driven by canny defense and security companies hungry for profitable contracts, which are able to take advantage of politicians intimidated by technology and worried about seeming "soft" on "cyberterror." Kudos, then, to Jon Wellinghoff, the chairman of the Federal Energy Regulatory Commission, who seems to have more common sense than most of his colleagues:

A shooter "could get 200 yards away with a .22 rifle and take the whole thing out," Wellinghoff said last month at a conference sponsored by Bloomberg. His proposed defense: A metal sheet that would block the transformer from view. "If you can't see through the fence, you can't figure out where to shoot anymore," Wellinghoff said. Price tag? A "couple hundred bucks." A lot cheaper than the billions the administration has spent in the past four years beefing up cyber security of critical infrastructure in the United States and on government computer networks.

from the could-be-useful...-could-be-disinfo dept

While we were just suggesting that there are ways that NSA employees who believe the organization has gone too far can make a difference without also leaking documents, some are beginning to suspect that Snowden's activities may be creating at least some copycats -- and the interesting tidbit is that they may be less likely to get caught, because everyone assumes any new leaks are from Snowden. Matt Blaze recently noted that the most recent bombshell concerning the NSA's catalog of exploits didn't actually name a source. And Glenn Greenwald has hinted strongly that the information is not from Snowden.

That doesn't mean that the information isn't from Snowden. It could very well be from him and just no one's said so. Greenwald's statements may actually be an attempt to solicit further leaks by making it clear that other leakers may be able to hide under the cover of Snowden. Blaze also points out that this possibility certainly runs the very real risk of someone providing false information to credulous reporters. That could come from those just pulling a prank or, more sinisterly, from an intelligence community looking to flood the press with disinformation to dilute and attempt to discredit the Snowden leaks. The intelligence community has certainly been involved in such campaigns in the past.

That said, this is a real opportunity for others who would like to blow the whistle from within the intelligence community to potentially do so under the cover of Snowden, allowing them to leak without everyone searching for the new leaker, believing the information is actually coming from Snowden. Still, if that's happening, I hope that the reporters receiving those documents heed Blaze's advice to be exceptionally careful to authenticate the documents, to find additional sources and also to disclose any uncertainty about the authenticity of the documents.

“Edward Snowden is either a traitor, or a defector, or both, and The New York Times is an accomplice,” King said in an appearance on Fox News. “They’re a disgrace. Their editors are a disgrace, and I wish they cared more about America than they did about the rights of terrorists’ appeasers.”

Well, if anyone has the background to be considered an expert on appeasing terrorists, it's Peter King. Of course, he delivered these remarks without any intended irony, but his intentions hardly matter given his past.

Peter King worries about terrorists... but only if they're Muslim. He's perfectly fine with white Irish terrorists, seeing as he went on record during the 80s stating his support for the IRA, which notably bombed a shopping center during the Christmas season, killing six and injuring 90. He was very concerned about their civil rights. Those were his kind of terrorists. These ones, not so much.

King doesn't mind appeasing terrorists if they're white and Irish, but woe be unto those that cross his beloved intelligence agencies. King cares so much about America that he's willing to help turn it into a surveillance state. He'll continue to aid and abet the NSA in its overreach, civil liberties be damned. Why? Because the wrong kind of terrorists might otherwise find an opening to attack.

Realistically, the odds of being killed in a terrorist attack in the US are far lower than they are in other nations, even without the NSA compiling mountains of irrelevant data. It's even safer here than it is in the UK where King's favorite terrorists did their damage.

But that's not all King had to say. For seemingly the hundredth time, he repeated lies about the NSA's integrity.

“No one has found any violations [by the NSA] ... no phone calls are being listened to, no emails are being read,” he said, adding that close monitoring only applies to a handful of individuals following an “exhaustive” court process.

Hahahahahaha!!!

Oh, wait. He's serious. I wonder who this "no one" is who found all of these violations. In some cases, "no one" is the agency itself, which admitted to so many violations the "exhaustive" court temporarily yanked its metadata-hoovering privileges. Another "no one" caught analysts tracking love interests and listening in on military members' "pillow talk" during their phone conversations with loved ones back home. Oh, and then there was that one time when a certain "no one" dropped thousands of pages of documents into the hands of journalistic entities that offered proof that the NSA had done everything from scoop up location data (which it previously swore it never did) to intercept hardware in order to install backdoors and exploits. It also helped itself to pre-encryption content by siphoning data from overseas fiber cables, using the "not in the US" excuse to justify grabbing US citizens' data and communications. No abuse here, no sir. Just tons of extra-judicial exploration of the "edges of the box."

The NSA's defenders seem to have reached the limits of their imaginations. Every subsequent revelation makes it that much harder to defend the agency. At this point, many defenders are verging on self-parody. Many others (Michael Hayden, Peter King, Mike Rogers) have long since left that tipping point behind.

Honestly, who truly believes Peter King cares about America more than those who have exposed the treacherous actions of an agency whose oversight has failed to hold it accountable for years? Americans still have ideals, even if their supposed representatives don't. King, who spent years stumping for terrorists when not applying layer after layer of black paint to his prized pot, now apparently envies the blackness of his imaginary foes' kettles.

There are many ways to care for America, most of which involve challenging the powers that be. King is one of those "powers," and his love of his country is the most insincere of all. His "love" asks for subservience from its countrymen, rather than accountability from its leaders. These leaders can make our country stronger, but that means they have to stop crippling their constituents and diluting their rights. We need courage, not bombastic flag-waving from a man so blinded by irrational hate he can't even see his own hypocrisy.

Earlier this month we were happily debating merits of teleportation when we received an email from Apple. It said that Spin Master, a company with a board game based on “would you rather” questions, had filed a complaint with Apple saying our You Rather apps infringed their “WOULD YOU RATHER..?” trademark. Soon after, we received a matching letter from Google. It was a true Christmas miracle.

Now, as One Mighty Roar's blog post points out, Spin Master hasn't gone so far as to claim it invented the "would you rather" game, but that still hasn't stopped it from making several hefty demands.

- Stop using “You Rather” and any other phrases that are similar to “Would you rather”. This includes one (yes, really) or more of the words “Would”, “You”, or “Rather”.

- Hand over our yourather.com domain immediately

- Tell them how much money You Rather has made (presumably to ask for that too)

- Pay for their lawyers

- Attend a free no-obligation vacation for a hot new timeshare in Wyoming

At this point legally we should clarify that the last item is a joke, although at a certain level we wish they’d just gone the full gambit. Nowadays folks lack ambition, and we’re glad to see we’re not the only ones with big dreams.

These demands are rather extreme, especially for a company that no one thinks of when the words "would you rather" are spoken. One Mighty Roar clearly points this out in its filing, showing that if anything, "would you rather" is a generic term that is used to describe either/or queries, usually of the subjectively-lesser-of-two-evils variety.

Oddly enough, Spin Master's lawyers went out of their way to suggest several ungainly replacement titles for One Mighty Roar's apps, including such monstrosities as "this or that" (not really even the same thing) or "do you wanna" (which is at least adjacent to the ballpark, but still not really in it). This bit of "helpfulness" prompted the One Mighty Roar team to begin a search for a replacement URL equally as awkward.

There’s something wrong if a game of “Would you rather?” questions can’t use any of the words “Would”, “You”, or “Rather” to identify itself. Spin Master enforcing the trademark this way makes people afraid to call a popular game (which they didn’t invent) what it is. Worse still, their demands show similar issue with “Would you choose”, “Would you prefer” and other “Would you” alternatives out there. We’re lucky choosetheoptionpleasingtoonessensibilities.com is available… for now.

One Mighty Roar isn't just going to sit there and get steamrolled by Spin Master. It has responded by asking for declaratory judgement, pointing out that "would you rather" is all over the web, but none of it (other than Spin Master's site) makes any reference to the presumably underperforming board game.

One Mighty Roar clearly has a point, not that logic and common sense have much to do with trademark enforcement. This legal filing gives Spin Master the appearance of a company willing to profit off the success of others while simultaneously ensuring the burial of a rival. Not that One Mighty Roar is a true rival. At this point, Spin Master hasn't crafted an app version of its board game, so the threat it faces hardly even clears the "existential" bar.

But we're once again back to One Mighty Roar being at the mercy of the court at this point. It should be pointed out that Spin Master (represented by Pillsbury Winthrop et al) managed to nail down an $8.6 million settlement from Zobmondo Entertainment LLC back in 2012 over its use of the phrase "would you rather." That court battle dragged on for over six years, with the final decision finding in favor of Spin Master following a reversal that kicked it back to Ninth Circuit court. The key here, though, is the fact that Zobmondo was making its own board game, in direct competition with Spin Master's. Unfortunately, the decision that was reversed was one that stated the words "would you rather" were descriptive and "lacked secondary meaning." The Ninth Circuit (and its California jury) found otherwise on appeal, declaring the phrase to be protectable.

This puts One Mighty Roar's petition for declaratory judgement on unsure footing. Part of what it's asking for is to find the trademarked term merely descriptive and undeserving of trademark protection. The Ninth Circuit court has already made its declaration on the matter. This battle will take place in an entirely different jurisdiction (Massachusetts) but Spin Master's previous win can't be entirely discounted.

Based on what can be observed on the net, "would you rather" is for all intents and purposes generic. Spin Master's site is the only place (outside of board game databases) where one will find this phrase being used commercially. Otherwise, it's fair game for subreddits and standalone sites, and any descriptions of the game describe the premise only, making no reference to Spin Master's trademarked product.

In order to keep their registrations from lapsing, trademark owners do have to make efforts to protect their brands, but Spin Master's attempt to drain these developers has very little to do with protecting its branded product. The You Rather? app bears no resemblance to the board game other than the use of the words "would you rather," words that can only very imaginatively be thought of as holding any sort of commercial viability. Giving Spin Master a win in this case will do nothing to discourage trademark trolling and frivolous filings.

from the so,-like-everyone-else,-then dept

The latest Washington Post article concerning documents revealed by Ed Snowden doesn't really reveal all that much, other than the unsurprising news that the NSA is trying to build a quantum computer that could help it break lots of forms of encryption (though, not all). But, the key point here is that the NSA really doesn't seem to have gotten any further than anyone else in this endeavor.

Physicists and computer scientists have long speculated whether the NSA’s efforts are more advanced than those of the best civilian labs. Although the full extent of the agency’s research remains unknown, the documents provided by Snowden suggest that the NSA is no closer to success than others in the scientific community.

“It seems improbable that the NSA could be that far ahead of the open world without anybody knowing it,” said Scott Aaronson, an associate professor of electrical engineering and computer science at MIT.

The NSA appears to regard itself as running neck and neck with quantum computing labs sponsored by the European Union and the Swiss government, with steady progress but little prospect of an immediate breakthrough.

“The geographic scope has narrowed from a global effort to a discrete focus on the European Union and Switzerland,” one NSA document states.

Of the various leaks so far, this one definitely falls into the category of... not that big of a deal. You'd pretty much expect the NSA to be working on a project like this, and while it may employ lots of very smart folks, it would be pretty difficult for the NSA to be particularly far ahead of anyone else on a big challenge like this one. Yes, one day there will be quantum computers, and that will be a concern for certain forms of encryption. So it's certainly worth contemplating what to do when that happens, but, for now, it doesn't appear the NSA has some special sauce there, even if its big malware program is called QUANTUM.